In a blog post last night, it warned that "an unauthorised person" had stolen users' names, addresses, email addresses, birth dates, passwords and login information between April 17 and 19.

The hacker may also have obtained users' profile data, including buying history, billing address and password security answers, Sony wrote.

"While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility," Sony added.

"If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained."

On Saturday, Sony said it was rebuilding its systems and reiterated that it faced a security problem. However it did not shed any light on the nature of the problem, sparking fears that some of its 75 million customers’ credit card details could have been stolen by hackers.

“Our efforts to resolve this matter involve rebuilding our system to further strengthen our network infrastructure. Though this task is time consuming, we decided it was worth the time necessary to provide the system with additional security,” said company spokesman Patrick Seybold at the time.

Following the announcement last night, Graham Cluley, senior technology consultant at security vendor Sophos, warned that up to 70 million PlayStation Network users could be at risk of identity theft. That number may be as high as 77 million.

He warned that hackers could exploit the stolen information to break into users' other online accounts, launch phishing scams or malware attacks, or make purchases using stolen credit card information.

"This security breach is not just a public relations disaster for Sony, it's a very real danger for its many users," he wrote, urging users to change passwords, audit their online accounts, and monitor their credit card statements.

"The fact that credit card details ... may also have been stolen is obviously very worrying ... Questions clearly have to be asked as to whether Sony was ignorant of PCI data security standards and storing this and other personal data in an unencrypted format."

Other online commentators subsequently speculated that Sony shut down its network in response to a firmware hack.

“Chesh420”, a moderator at the PlayStation modification and hacking forum, PSX-Scene, pointed to the custom firmware “Rebug”. Released on March 31, it allowed blacklisted units back on to Sony’s network by giving consumer units access to the developer domain of its network.

“It essentially turns a retail console into a dev console,” he explained in a post published on Reddit yesterday.

Access to this domain also allowed users to buy content with fake credit card details.

“What happened next was extreme piracy of PSN content. Sony realising the issue here shut down the network," Chesh420 speculated.

Take part in discussions with comments on blogs, news and reviews; receive all the latest industry news directly to your inbox and tailor make your information specifically to your interests. Join now for free.

Please check your email

A confirmation email has been sent to your email address - SUPPLIED GOES EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.

If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @itnews.com.au to your white-listed senders.